VDB

GCVE-110-MAGEIA-2016-100

GCVE-110-MAGEIA-2016-100
Advisory Published
Vulnetix · Advisory published March 7, 2016
Updated jasper packages fix security vulnerabilities: The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image (CVE-2016-2089). Jacob Baines discovered that a double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file (CVE-2016-1577). Tyler Hicks discovered that a memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file (CVE-2016-2116).

Affected Products

VendorProductVersionsPlatforms
Mageiamad0 (affected), 0.15.1b-17.3.mga5 (unaffected)
Mageiajasper0 (affected), 1.900.1-20.4.mga5 (unaffected), 0 (affected), 1.900.1-20.4.mga5 (unaffected)

Browse GCVE Records

73,280 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›